<?php
/*
* StiPHPcms, A web Content management System made with PHP/MySQL
* JordSti : jord52@gmail.com
* Version : 0.0.1
*
* Copyright (C) 2009  jord52@gmail.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

include "core/tools/string.php";

class AdminModule {
	
	private $cms;
	
	public function __construct($cms)
	{
		$this->cms = $cms;
	}
	
	public function run()
	{

		if(isset($_GET['t']))
		{
			$task = $_GET['t'];
		}
		else
		{
			$task = "default";
		}
		
		if($task=='settings')
		{
			$this->adminHeader();
			$this->settingsPage();
		}
		else if($task=='savesettings')
		{
			$this->saveSettings();
		}
		else if($task=='addsetting')
		{
			$this->addSetting();
		}
		else if($task=='users')
		{
			$this->adminHeader();
			$this->userPage();
		}
		else if($task=='edituser')
		{
			$this->adminHeader();
			$this->editUser();
		}
		else if($task=='deleteuser')
		{
			$this->deleteUser();
		}
		else if($task=='saveuser')
		{
			$this->saveUser();
		}
		else if($task=='menu')
		{
			$this->adminHeader();
			$this->menuPage();
		}
		else if($task=='deletemenu')
		{
			$this->deleteMenuEntry();
		}
		else if($task=='savemenu')
		{
			$this->saveMenuEntry();
			$this->adminHeader();
			$this->menuPage();
		}
		else if($task=='addmenu')
		{
			$this->addMenuEntry();
			$this->adminHeader();
			$this->menuPage();
		}
		else if($task=='navbar')
		{
			$this->adminHeader();
			$this->navBarPage();
		}
		else if($task=='deletenavbar')
		{
			$this->deleteNavBarEntry();
		}
		else if($task=='savenavbar')
		{
			$this->saveNavBarEntry();
			$this->adminHeader();
			$this->navBarPage();
		}
		else if($task=='addnavbar')
		{
			$this->addNavBarEntry();
			$this->adminHeader();
			$this->navBarPage();
		}
		else if($task=='rank')
		{
			$this->adminHeader();
			$this->rankPage();
		}
		else if($task=='saverank')
		{
			$this->saveRank();
			$this->adminHeader();
			$this->rankPage();
		}
		else if($task=='addrank')
		{
			$this->addRank();
			$this->adminHeader();
			$this->rankPage();
		}
		else if($task=='default')
		{
			$this->adminHeader();
		}
		else if($task=='pages')
		{
			$this->adminHeader();
			$this->pagesList();
		}
		else if($task=='deletepage')
		{
			$this->adminHeader();
			$this->deletePage();
			$this->pagesList();
		}
		
	}
	
	public function adminHeader()
	{
		$this->cms->renderHeader($this->cms->lang['admin']);;
		$this->cms->renderMenu();
	}
	
	
	public function deletePage()
	{
		if(isset($_GET['pid']))
		{
			if(is_numeric($_GET['pid']))
			{
			$page_id = $_GET['pid'];
			}
			else
			{
				$this->cms->error('','index.php');
			}
		}
		else
		{
			$this->cms->error('','index.php');
		}
		
		$this->cms->sql_query("DELETE FROM %prefix%pages WHERE id=$page_id");
	}
	
	public function pagesList()
	{
		$html = '<table width="90%">
		<tr class="rowhead">
		<td>'.$this->cms->lang['page_title'].'</td>
		<td>'.$this->cms->lang['created_on'].'</td>
		<td></td>
			<tr>';
		
		$row = 'row01';
		
		$dt = $this->cms->sql_query("SELECT * FROM %prefix%pages ORDER BY id DESC");
		
		while($data = mysql_fetch_array($dt))
		{
			$html .= '<tr class="'.$row.'">
			<td><a href="page.php?p='.$data['title'].'">'.$data['title'].'</a></td>
			<td>'.date($this->cms->lang['dateformat'],$data['time_lastedit']).'</td>
			<td><a href="admin.php?t=deletepage&pid='.$data['id'].'">'.$this->cms->lang['delete'].'</a></td>
			</tr>';
			
			if($row=='row01')
			{
				$row = 'row02';
			}
			else
			{
				$row = 'row01';
			}
			
		}
		$html .= '</table>';
		
		$this->cms->addFrame('',$html);
	}
	
	public function navBarPage()
	{
		$dt = $this->cms->sql_query('SELECT * FROM %prefix%navbar ORDER BY zindex');
		
		$html = "";
		
		while($data = mysql_fetch_array($dt))
		{
			$html .= '<form method="post" action="admin.php?t=savenavbar">
		<fieldset>
		<p><label for="lname">'.$this->cms->lang['admin_menu_text'].' : </label><input type="text" name="lname" id="lname"  value="'.$data['lname'].'" tabindex="10" /></p>
		<p><label for="url">'.$this->cms->lang['admin_menu_link'].' : </label><input type="text" name="url" id="url" value="'.$data['url'].'" tabindex="20" /></p>
		<p><label for="zindex">'.$this->cms->lang['admin_menu_zindex'].' : </label><input type="text" name="zindex" id="zindex" value="'.$data['zindex'].'" tabindex="30" /></p>
		<p><label for="rank_req">'.$this->cms->lang['admin_menu_rank_req'].' : </label><input type="text" name="rank_req" id="rank_req" value="'.$data['rank_req'].'" tabindex="40" /></p>
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/> | <a href="admin.php?t=deletenavbar&mid='.$data['id'].'">'.$this->cms->lang['delete'].'</a></p>
		<input type="hidden" name="mid" value="'.$data['id'].'"/>
		</fieldset>
		</form>';
			
		}
		
					$html .= '<form method="post" action="admin.php?t=addnavbar">
		<fieldset>
		<legend>'.$this->cms->lang['admin_menu_add_entry'].'</legend>
		<p><label for="lname">'.$this->cms->lang['admin_menu_text'].' : </label><input type="text" name="lname" id="lname" tabindex="10" /></p>
		<p><label for="url">'.$this->cms->lang['admin_menu_link'].' : </label><input type="text" name="url" id="url" tabindex="20" /></p>
		<p><label for="zindex">'.$this->cms->lang['admin_menu_zindex'].' : </label><input type="text" name="zindex" id="zindex" tabindex="30" /></p>
		<p><label for="rank_req">'.$this->cms->lang['admin_menu_rank_req'].' : </label><input type="text" name="rank_req" id="rank_req" tabindex="40" /></p>
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/></p>
		</fieldset>
		</form>';
		
		$this->cms->template->addFrame('',$html);
	}
	
	
	
	public function saveNavBarEntry()
	{
		$_POST = array_sql_escape($_POST);
		
		$lname = $_POST['lname'];
		$url = $_POST['url'];
		
		if(!is_numeric($_POST['mid']))
		{
			$this->cms->error('','admin.php');
		}
		
		$entry_id = $_POST['mid'];
		
		if(is_numeric($_POST['zindex']))
		{
			$zindex = $_POST['zindex'];
		}
		else
		{
			$zindex = 0;
		}
		
		if(is_numeric($_POST['rank_req']))
		{
			$rank_req = $_POST['rank_req'];
		}
		else
		{
			$rank_req = 0;
		}
		
		$this->cms->sql_query("UPDATE %prefix%navbar SET lname='$lname',url='$url',zindex=$zindex,rank_req=$rank_req WHERE id=$entry_id");
	}
	
	public function addNavBarEntry()
	{
		$_POST = array_sql_escape($_POST);
		
		$lname = $_POST['lname'];
		$url = $_POST['url'];
		
		if(is_numeric($_POST['zindex']))
		{
			$zindex = $_POST['zindex'];
		}
		else
		{
			$zindex = 0;
		}
		
		if(is_numeric($_POST['rank_req']))
		{
			$rank_req = $_POST['rank_req'];
		}
		else
		{
			$rank_req = 0;
		}
		
		$this->cms->sql_query("INSERT INTO %prefix%navbar VALUES('','$lname','$url',$zindex,$rank_req)");
	}
	
	public function deleteNavBarEntry()
	{
		if(isset($_GET['mid']))
		{
			if(!is_numeric($_GET['mid']))
			{
				$this->error('','admin.php');
			}
			else
			{
				$entry_id = $_GET['mid'];
			}
		}
		else
		{
			$this->error('','admin.php');
		}
		
		$this->cms->sql_query("DELETE FROM %prefix%navbar WHERE id=$entry_id");
		
		header('location: admin.php?t=navbar');
	}
	
	
	public function menuPage()
	{
		$dt = $this->cms->sql_query('SELECT * FROM %prefix%menu ORDER BY zindex');
		
		$html = "";
		
		while($data = mysql_fetch_array($dt))
		{
			$html .= '<form method="post" action="admin.php?t=savemenu">
		<fieldset>
		<p><label for="lname">'.$this->cms->lang['admin_menu_text'].' : </label><input type="text" name="lname" id="lname"  value="'.$data['lname'].'" tabindex="10" /></p>
		<p><label for="url">'.$this->cms->lang['admin_menu_link'].' : </label><input type="text" name="url" id="url" value="'.$data['url'].'" tabindex="20" /></p>
		<p><label for="zindex">'.$this->cms->lang['admin_menu_zindex'].' : </label><input type="text" name="zindex" id="zindex" value="'.$data['zindex'].'" tabindex="30" /></p>
		<p><label for="rank_req">'.$this->cms->lang['admin_menu_rank_req'].' : </label><input type="text" name="rank_req" id="rank_req" value="'.$data['rank_req'].'" tabindex="40" /></p>
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/> | <a href="admin.php?t=deletemenu&mid='.$data['id'].'">'.$this->cms->lang['delete'].'</a></p>
		<input type="hidden" name="mid" value="'.$data['id'].'"/>
		</fieldset>
		</form>';
			
		}
		
					$html .= '<form method="post" action="admin.php?t=addmenu">
		<fieldset>
		<legend>'.$this->cms->lang['admin_menu_add_entry'].'</legend>
		<p><label for="lname">'.$this->cms->lang['admin_menu_text'].' : </label><input type="text" name="lname" id="lname" tabindex="10" /></p>
		<p><label for="url">'.$this->cms->lang['admin_menu_link'].' : </label><input type="text" name="url" id="url" tabindex="20" /></p>
		<p><label for="zindex">'.$this->cms->lang['admin_menu_zindex'].' : </label><input type="text" name="zindex" id="zindex" tabindex="30" /></p>
		<p><label for="rank_req">'.$this->cms->lang['admin_menu_rank_req'].' : </label><input type="text" name="rank_req" id="rank_req" tabindex="40" /></p>
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/></p>
		</fieldset>
		</form>';
		
		$this->cms->template->addFrame('',$html);
	}
	
	
	public function saveMenuEntry()
	{
		$_POST = array_sql_escape($_POST);
		
		$lname = $_POST['lname'];
		$url = $_POST['url'];
		
		if(!is_numeric($_POST['mid']))
		{
			$this->cms->error('','admin.php');
		}
		
		$entry_id = $_POST['mid'];
		
		if(is_numeric($_POST['zindex']))
		{
			$zindex = $_POST['zindex'];
		}
		else
		{
			$zindex = 0;
		}
		
		if(is_numeric($_POST['rank_req']))
		{
			$rank_req = $_POST['rank_req'];
		}
		else
		{
			$rank_req = 0;
		}
		
		$this->cms->sql_query("UPDATE %prefix%menu SET lname='$lname',url='$url',zindex=$zindex,rank_req=$rank_req WHERE id=$entry_id");
	}
	
	public function addMenuEntry()
	{
		$_POST = array_sql_escape($_POST);
		
		$lname = $_POST['lname'];
		$url = $_POST['url'];
		
		if(is_numeric($_POST['zindex']))
		{
			$zindex = $_POST['zindex'];
		}
		else
		{
			$zindex = 0;
		}
		
		if(is_numeric($_POST['rank_req']))
		{
			$rank_req = $_POST['rank_req'];
		}
		else
		{
			$rank_req = 0;
		}
		
		$this->cms->sql_query("INSERT INTO %prefix%menu VALUES('','$lname','$url',$zindex,$rank_req)");
	}
	
	public function deleteMenuEntry()
	{
		if(isset($_GET['mid']))
		{
			if(!is_numeric($_GET['mid']))
			{
				$this->error('','admin.php');
			}
			else
			{
				$entry_id = $_GET['mid'];
			}
		}
		else
		{
			$this->error('','admin.php');
		}
		
		$this->cms->sql_query("DELETE FROM %prefix%menu WHERE id=$entry_id");
		
		header('location: admin.php?t=menu');
	}
	
	public function settingsPage()
	{
		$form = '<form method="post" action="admin.php?t=savesettings">
		<fieldset>
		<legend>'.$this->cms->lang['admin_settings'].'</legend>';

		$tabindex = 10;
		
		foreach($this->cms->settings as $key => $value)
		{
			$form .= '<p><label for="'.$key.'">'.$key.' : </label><input type="text" name="'.$key.'" id="'.$key.'" tabindex="'.$tabindex.'" value="'.$value.'" /></p>';
			$tabindex += 10;
		}
		
		$form .= '<p><input type="submit" value="'.$this->cms->lang['admin_save_settings'].'"/></p>
		</fieldset>
		</form>';
		
		$form .= '<form method="post" action="admin.php?t=addsetting">
		<fieldset>
		<legend>'.$this->cms->lang['admin_new_settings'].'</legend>
		<p><label for="key">'.$this->cms->lang['admin_settings_key'].' : </label><input type="text" name="key" id="key" tabindex="10" /></p>
		<p><label for="content">'.$this->cms->lang['admin_settings_value'].' : </label><input type="text" name="content" id="content" tabindex="20" /></p>
		<p><input type="submit" value="'.$this->cms->lang['admin_new_settings'].'"/></p>
		</fieldset>
		</form>';
		
		$this->cms->template->addFrame('',$form);
	}
	
	public function saveSettings()
	{
		$settings = $this->cms->settings;
		$new_settings = $_POST;
		foreach($settings as $key => $value)
		{
			if(array_key_exists($key,$_POST))
			{
				if($value!=$_POST[$key])
				{
					$n_value = $_POST[$key];
					$this->cms->sql_query("UPDATE %prefix%settings SET value='$n_value' WHERE varname='$key'");
				}
			}
		}
		
		header('location: admin.php?t=settings');
	}
	
	public function addSetting()
	{
		if(!isset($_POST['key']))
		{
			$this->cms->error($this->cms->lang['admin_error']);
		}
		
		$this->cms->addSetting($_POST['key'],$_POST['content']);
		
		header('location: admin.php?t=settings');
	}
	
	public function userPage()
	{
		$dt = $this->cms->sql_query("SELECT * FROM %prefix%users ORDER BY id DESC");
		
		$html = '<table>
		<tr class="rowhead">
		<td># ID</td>
		<td>'.$this->cms->lang['username'].'</td>
		<td>'.$this->cms->lang['email'].'</td>
		<td>'.$this->cms->lang['created_on'].'</td>
		<td>'.$this->cms->lang['rank'].'</td>
		<td>-</td>
		</tr>';
		
		$rowclass = 'row01';
		
		while($data = mysql_fetch_array($dt))
		{
			$html .= '<tr class="'.$rowclass.'">
		<td>'.$data['id'].'</td>
		<td>'.$data['username'].'</td>
		<td>'.$data['email'].'</td>
		<td>'.date($this->cms->lang['dateformat'],$data['timestamp']).'</td>
		<td>'.$data['rank'].'</td>
		<td><a href="admin.php?t=edituser&uid='.$data['id'].'">'.$this->cms->lang['edit'].'</a> | <a href="admin.php?t=deleteuser&uid='.$data['id'].'">'.$this->cms->lang['delete'].'</a></td>
		</tr>';
			
			if($rowclass=='row01')
			{
				$rowclass = 'row02';
			}
			else
			{
				$rowclass = 'row01';
			}
		}
		
		$html .= '</table>';
		
		$this->cms->template->addFrame('',$html);
	}
	
	public function editUser()
	{
		if(isset($_GET['uid']))
		{
			if(is_numeric($_GET['uid']))
			{
			$user_id = $_GET['uid'];
			}
			else
			{
				$this->cms->error('','index.php');
			}
		}
		else
		{
			$this->cms->error('','index.php');
		}
		
		$dt = $this->cms->sql_query("SELECT * FROM %prefix%users WHERE id=$user_id");
		
		if(mysql_num_rows($dt)==0)
		{
			$this->cms->error('','index.php');	
		}
		
		$data = mysql_fetch_array($dt);
		
		$html = '<form method="post" action="admin.php?t=saveuser">
		<fieldset>
		<legend>'.$this->cms->lang['admin_new_settings'].'</legend>
		<p><label for="username">'.$this->cms->lang['username'].' :</label><input type="text" name="username" id="username" value="'.$data['username'].'" tabindex="10" /></p>
		<p>'.$this->cms->lang['password'].' : '.$data['password'].'</p>
		<p><label for="rank">'.$this->cms->lang['rank'].' : </label><input type="text" name="rank" id="rank" value="'.$data['rank'].'" tabindex="20" /></p>
		<p><label for="email">'.$this->cms->lang['email'].' : </label><input type="text" name="email" id="email" value="'.$data['email'].'" tabindex="30" /></p>
		<p>'.$this->cms->lang['activation_code'].' : '.$data['activation_code'].'</p>
		<input type="hidden" name="user_id" value="'.$data['id'].'" />
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/></p>
		</fieldset>
		</form>';
		
		$this->cms->template->addFrame('',$html);
		
	}
	
	public function deleteUser()
	{
		if(isset($_GET['uid']))
		{
			if(is_numeric($_GET['uid']))
			{
			$user_id = $_GET['uid'];
			}
			else
			{
				$this->cms->error('','index.php');
			}
		}
		else
		{
			$this->cms->error('','index.php');
		}
		
		$this->cms->sql_query("DELETE FROM %prefix%users WHERE id=$user_id");
		
		header('location: admin.php?t=users');
	}
	
	public function saveUser()
	{
		$username = $_POST['username'];
		$rank = $_POST['rank'];
		$email = $_POST['email'];
		$user_id = $_POST['user_id'];
		
		$this->cms->sql_query("UPDATE %prefix%users SET username='$username',rank=$rank,email='$email' WHERE id=$user_id");
		header('location: admin.php?t=users');
	}
	
	public function rankPage()
	{
		$dt = $this->cms->sql_query("SELECT * FROM %prefix%rank ORDER BY id");
		
		$html = "";
		
		while($data = mysql_fetch_array($dt))
		{
			$html .= '<form method="post" action="admin.php?t=saverank">
		<p>'.$this->cms->lang['admin_rank_level'].' : '.$data['id'].' </p><p><label for="rankname">'.$this->cms->lang['admin_rank_name'].' :</label><input type="text" name="rankname" id="rankname" value="'.$data['rankname'].'" tabindex="10" />
		<input type="hidden" name="rank_id" value="'.$data['id'].'" />
		<input type="submit" value="'.$this->cms->lang['save'].'"/></p>
		</form>';
		}
		
		$html .= '<form method="post" action="admin.php?t=addrank">
		<fieldset>
		<legend>'.$this->cms->lang['admin_add_rank'].'</legend>
		<p><label for="rank_id">'.$this->cms->lang['admin_rank_level'].' : </label><input type="text" name="rank_id" id="rank_id" tabindex="10" /></p>
		<p><label for="rankname">'.$this->cms->lang['admin_rank_name'].' : </label><input type="text" name="rankname" id="rankname" tabindex="20" /></p>
		<p><input type="submit" value="'.$this->cms->lang['save'].'"/></p>
		</fieldset>
		</form>';
		
		$this->cms->template->addFrame('',$html);
	}
	
	public function saveRank()
	{
		if(isset($_POST['rank_id']))
		{
			if(!is_numeric($_POST['rank_id']))
			{
				$this->cms->error('','index.php');
			}
		}
		else
		{
			$this->cms->error('','index.php');
		}
		
		$rank_id = $_POST['rank_id'];
		$title = mysql_real_escape_string($_POST['rankname']);
		
		$this->cms->sql_query("UPDATE %prefix%rank SET rankname='$title' WHERE id=$rank_id");
	}
	
	public function addRank()
	{
		if(isset($_POST['rank_id']))
		{
			if(!is_numeric($_POST['rank_id']))
			{
				$this->cms->error('','index.php');
			}
		}
		else
		{
			$this->cms->error('','index.php');
		}
		
		$rank_id = $_POST['rank_id'];
		$title = mysql_real_escape_string($_POST['rankname']);
		
		$this->cms->sql_query("INSERT INTO %prefix%rank VALUES($rank_id,'$title')");
	}
	
}


?>